What I'm currently doing is using this code wherein after line 37 I intend to setup a cookie of my own indicating who is logged in and then redirect the browser to another page. But I think that's not secure since user can look into javascript and mess with the cookie. But isn't that what fb js sdk must be doing behind the scene, setting some cookie?

How can I securely log in a user into my website(I will be maintaining a db table of fb ids)?